Virtual Private Network (VPN) over Satellite
Satellites are ideal for providing Internet and private network access over long distances and to remote locations. However,
the Internet protocols are not optimized for satellite conditions, and consequently, without any additional processing, the
throughput over satellite networks is restricted to only a fraction of the available bandwidth. Satellite conditions adversely
interact with a number of elements of the TCP architecture, including its window sizing, congestion avoidance algorithms,
and data acknowledgment mechanisms, which combine to severely constrict the data throughput rate that can be achieved over
satellite links.
These limitations are normally overcome by a process called "TCP Acceleration" which is often integrated in the Indoor
Unit (IDU). In the case of the 2-way satellite services offered by Yemenat Satcom, TCP Acceleration is performed by the
LinkStar terminal. It increases the throughput and efficiency of network access over satellites by transparently replacing
TCP with a protocol optimized for the long latency, high loss and asymmetric bandwidth conditions - all typical of satellite
communications.
However, in order to perform this connection interception and protocol translation process, the IDU must be able to read
the headers of the TCP packets. Data security solutions used for Virtual Private Networks (VPN), such as IP Security (IPsec),
which encrypt the TCP header along with the data, interfere with the satellite link acceleration technology. The result is
a dramatic loss of network performance when using IPsec.
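
The following Python sketch is an added illustration, not code from this page or from any LinkStar or UDcast product. It shows which header fields an on-path accelerator can read from a plain TCP packet and from the same flow once it is carried in IPsec ESP; the helper names (`pep_view`, `ipv4`, `tcp_segment`, `esp_packet`) are hypothetical and all packets are constructed samples.

```python
import socket
import struct

PROTO_TCP, PROTO_ESP = 6, 50  # IANA-assigned IP protocol numbers

def ipv4(proto, payload, src="10.0.0.2", dst="192.0.2.10"):
    """Constructed sample packet: minimal 20-byte IPv4 header, checksum left at 0."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def tcp_segment(sport, dport, seq, window, data=b""):
    """Constructed 20-byte TCP header (ACK flag set, checksum 0) plus data."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x10,
                       window, 0, 0) + data

def esp_packet(spi, seq, ciphertext):
    """ESP (RFC 4303): only the SPI and sequence number travel in the clear."""
    return struct.pack("!II", spi, seq) + ciphertext

def pep_view(packet):
    """Hypothetical helper: the fields an on-path accelerator can read."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_TCP and len(body) >= 20:
        sport, dport, seq, _ack, _off, _flags, window = struct.unpack(
            "!HHIIBBH", body[:16])
        return {"proto": "tcp", "sport": sport, "dport": dport, "seq": seq,
                "window": window, "accelerable": True}
    if proto == PROTO_ESP and len(body) >= 8:
        spi, esp_seq = struct.unpack("!II", body[:8])
        # Ports, TCP sequence numbers and window are inside the ciphertext.
        return {"proto": "esp", "spi": spi, "esp_seq": esp_seq,
                "accelerable": False}
    return {"proto": proto, "accelerable": False}

# Constructed inputs: the same flow before and after IPsec encapsulation.
plain = ipv4(PROTO_TCP, tcp_segment(40000, 443, 1000, 65535, b"hello"))
opaque = bytes(range(48))  # stand-in for ciphertext; no real encryption is done
tunneled = ipv4(PROTO_ESP, esp_packet(0x1001, 1, opaque))

if __name__ == "__main__":
    print(pep_view(plain))
    print(pep_view(tunneled))
```

For the ESP packet the accelerator sees only the SPI and the ESP sequence number, so it has no TCP connection state to intercept or translate.
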
Together with our partner UDcast, Yemenat Satcom has developed a solution which overcomes the limitations of VPN by
satellite. In the appliances of the UD-VPN product family, TCP Acceleration takes place outside the IPsec VPN tunnel, intercepting
and enhancing the unencrypted packets. The VPN hardware subsequently performs the industry-standard IPsec encryption
for the highest level of security, providing end-to-end encryption.
The UD-VPN system is composed of 3 components which all feature NAT, FW, DHCP, TCP acceleration, HTTP pre-fetching and IPsec
encryption. Depending on the number of sites, one of the two servers is installed at the headquarters:
- UD-VPN Master Server: Managed Server for numerous VPN over satellite connections. The UD-VPN Master Server establishes
a VPN tunnel from a corporate headquarters LAN across the public Internet, communicating via satellite through UD-VPN Access
Gateways to remote locations.
- UD-VPN Mini Server: Standalone Server for a one-to-one VPN over satellite connection. A VPN Mini-Server is typically
installed at corporate headquarters when a VPN connection to a single remote location is needed.
- UD-VPN Access Gateway: Client for two-way satellite connection. UD-VPN Access Gateway is the equipment installed
at the subsidiary locations.
As an extension to our products and services, Yemenat Satcom offers unique satellite VPN performance for TCP/IP
traffic with network connectivity at high-speed data rates up to 2 Mbps. Utilizing the shared infrastructure of the public Internet
results in an extremely cost-efficient corporate network, meeting the needs of private and public enterprise sectors. Nevertheless,
the standards-compliant VPN connectivity solution does not compromise on security, but through IPsec provides end-to-end security
at the highest level.
So, if your needs are for an affordable corporate network using public Internet resources in regions not reachable by traditional
service providers or as a back-up to an existing VPN, Yemenat Satcom has the right solution.